Vulnerabilities > Yiiframework > YII > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-28 CVE-2022-31454 Cross-site Scripting vulnerability in Yiiframework YII 2.0.45
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books.
network
low complexity
yiiframework CWE-79
6.1
6.1
2021-08-10 CVE-2021-3692 Use of Insufficiently Random Values vulnerability in Yiiframework YII
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
network
low complexity
yiiframework CWE-330
5.0
5.0
2021-08-10 CVE-2021-3689 Use of Insufficiently Random Values vulnerability in Yiiframework YII
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
network
low complexity
yiiframework CWE-330
5.0
5.0
2019-01-28 CVE-2018-20745 Origin Validation Error vulnerability in Yiiframework YII
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. 		4.3
4.3
2018-03-21 CVE-2018-8074 Code Injection vulnerability in Yiiframework YII
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. 		6.8
6.8
2017-07-21 CVE-2017-11516 Cross-site Scripting vulnerability in Yiiframework YII 2.0.12
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. 		4.3
4.3